
IP address blocked

  • This topic is locked
25 replies to this topic

#1 foxflyer


Posted 13 April 2012 - 04:23 PM

MWB keeps blocking an IP address every couple minutes

Successfully blocked access to a potentially malicious website: 195.16.88.68 - updater.exe
Type: outgoing
Port: varies (many ports used as shown in log), Process: updater.exe

I've included a log for today (April 13th, 2012), and the requested files after running the DDS application. I've run a scan with MWB and a couple of things came up and were deleted, but it keeps popping up. I don't know if I am infected or not, but I'd rather be safe than sorry, so any help would be greatly appreciated! :)

Attached files: protection-log-2012-04-13.txt (114.54KB), Attach.txt (10.93KB), DDS.txt (26.63KB)

#2 Elise


Posted 14 April 2012 - 03:43 AM

Hello and welcome.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (e.g. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (e.g. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#3 foxflyer


Posted 14 April 2012 - 04:41 PM

16:36:12.0929 1900 TDSS rootkit removing tool 2.7.28.0 Apr 10 2012 16:54:05
16:36:13.0366 1900 ============================================================
16:36:13.0366 1900 Current date / time: 2012/04/14 16:36:13.0366
16:36:13.0366 1900 SystemInfo:
16:36:13.0366 1900
16:36:13.0366 1900 OS Version: 6.1.7601 ServicePack: 1.0
16:36:13.0366 1900 Product type: Workstation
16:36:13.0366 1900 ComputerName: OMX-PC
16:36:13.0366 1900 UserName: omx
16:36:13.0366 1900 Windows directory: C:\windows
16:36:13.0366 1900 System windows directory: C:\windows
16:36:13.0366 1900 Running under WOW64
16:36:13.0366 1900 Processor architecture: Intel x64
16:36:13.0366 1900 Number of processors: 4
16:36:13.0366 1900 Page size: 0x1000
16:36:13.0366 1900 Boot type: Normal boot
16:36:13.0366 1900 ============================================================
16:36:13.0834 1900 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:36:13.0881 1900 \Device\Harddisk0\DR0:
16:36:13.0881 1900 MBR used
16:36:13.0881 1900 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x4893B000
16:36:13.0912 1900 Initialize success
16:36:13.0912 1900 ============================================================
16:36:26.0236 1484 ============================================================
16:36:26.0236 1484 Scan started
16:36:26.0236 1484 Mode: Manual;
16:36:26.0236 1484 ============================================================
16:36:39.0340 1484 NlaSvc - ok
16:36:39.0371 1484 Norton PC Checkup Application Launcher - ok
16:36:39.0418 1484 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
16:36:39.0418 1484 Npfs - ok
16:36:39.0434 1484 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
16:36:39.0449 1484 nsi - ok
16:36:39.0465 1484 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
16:36:39.0465 1484 nsiproxy - ok
16:36:39.0590 1484 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
16:36:39.0621 1484 Ntfs - ok
16:36:39.0652 1484 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
16:36:39.0652 1484 Null - ok
16:36:39.0683 1484 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\windows\system32\DRIVERS\nusb3hub.sys
16:36:39.0699 1484 nusb3hub - ok
16:36:39.0715 1484 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\windows\system32\DRIVERS\nusb3xhc.sys
16:36:39.0715 1484 nusb3xhc - ok
16:36:40.0042 1484 nvlddmkm (685cc16c261952f833ef56af4ec3bf0d) C:\windows\system32\DRIVERS\nvlddmkm.sys
16:36:40.0245 1484 nvlddmkm - ok
16:36:40.0339 1484 nvpciflt (d9c08f27936810db50363fdcf2496d0e) C:\windows\system32\DRIVERS\nvpciflt.sys
16:36:40.0339 1484 nvpciflt - ok
16:36:40.0401 1484 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
16:36:40.0401 1484 nvraid - ok
16:36:40.0432 1484 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
16:36:40.0432 1484 nvstor - ok
16:36:40.0479 1484 NVSvc (9ec6631832cebe137cbfed2d9186b76e) C:\windows\system32\nvvsvc.exe
16:36:40.0495 1484 NVSvc - ok
16:36:40.0588 1484 nvUpdatusService (6336a844fb153957dfbb1652ad5b46bb) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
16:36:40.0604 1484 nvUpdatusService - ok
16:36:40.0682 1484 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
16:36:40.0682 1484 nv_agp - ok
16:36:40.0697 1484 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
16:36:40.0697 1484 ohci1394 - ok
16:36:40.0775 1484 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:36:40.0791 1484 ose - ok
16:36:40.0994 1484 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:36:41.0041 1484 osppsvc - ok
16:36:41.0119 1484 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
16:36:41.0134 1484 p2pimsvc - ok
16:36:41.0165 1484 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
16:36:41.0181 1484 p2psvc - ok
16:36:41.0212 1484 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
16:36:41.0212 1484 Parport - ok
16:36:41.0228 1484 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
16:36:41.0228 1484 partmgr - ok
16:36:41.0259 1484 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
16:36:41.0259 1484 PcaSvc - ok
16:36:41.0306 1484 PCCUJobMgr (2f86be1818c2d7ac90478e3323ee7fcb) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
16:36:41.0306 1484 PCCUJobMgr - ok
16:36:41.0368 1484 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
16:36:41.0368 1484 pci - ok
16:36:41.0384 1484 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
16:36:41.0384 1484 pciide - ok
16:36:41.0431 1484 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
16:36:41.0431 1484 pcmcia - ok
16:36:41.0446 1484 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
16:36:41.0462 1484 pcw - ok
16:36:41.0477 1484 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
16:36:41.0493 1484 PEAUTH - ok
16:36:41.0540 1484 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
16:36:41.0540 1484 PerfHost - ok
16:36:41.0633 1484 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
16:36:41.0633 1484 PGEffect - ok
16:36:41.0696 1484 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
16:36:41.0711 1484 pla - ok
16:36:41.0758 1484 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
16:36:41.0758 1484 PlugPlay - ok
16:36:41.0821 1484 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
16:36:41.0821 1484 PNRPAutoReg - ok
16:36:41.0836 1484 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
16:36:41.0836 1484 PNRPsvc - ok
16:36:41.0899 1484 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
16:36:41.0899 1484 Point64 - ok
16:36:41.0930 1484 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
16:36:41.0930 1484 PolicyAgent - ok
16:36:41.0961 1484 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
16:36:41.0977 1484 Power - ok
16:36:42.0039 1484 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
16:36:42.0039 1484 PptpMiniport - ok
16:36:42.0070 1484 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
16:36:42.0070 1484 Processor - ok
16:36:42.0101 1484 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
16:36:42.0101 1484 ProfSvc - ok
16:36:42.0148 1484 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:36:42.0148 1484 ProtectedStorage - ok
16:36:42.0179 1484 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
16:36:42.0179 1484 Psched - ok
16:36:42.0257 1484 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
16:36:42.0273 1484 ql2300 - ok
16:36:42.0320 1484 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
16:36:42.0320 1484 ql40xx - ok
16:36:42.0351 1484 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
16:36:42.0367 1484 QWAVE - ok
16:36:42.0398 1484 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
16:36:42.0398 1484 QWAVEdrv - ok
16:36:42.0460 1484 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
16:36:42.0460 1484 RasAcd - ok
16:36:42.0491 1484 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
16:36:42.0491 1484 RasAgileVpn - ok
16:36:42.0523 1484 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
16:36:42.0523 1484 RasAuto - ok
16:36:42.0554 1484 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
16:36:42.0554 1484 Rasl2tp - ok
16:36:42.0616 1484 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
16:36:42.0632 1484 RasMan - ok
16:36:42.0694 1484 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
16:36:42.0694 1484 RasPppoe - ok
16:36:42.0725 1484 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
16:36:42.0725 1484 RasSstp - ok
16:36:42.0788 1484 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
16:36:42.0803 1484 rdbss - ok
16:36:42.0819 1484 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
16:36:42.0819 1484 rdpbus - ok
16:36:42.0850 1484 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
16:36:42.0850 1484 RDPCDD - ok
16:36:42.0913 1484 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
16:36:42.0913 1484 RDPENCDD - ok
16:36:42.0928 1484 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
16:36:42.0928 1484 RDPREFMP - ok
16:36:42.0959 1484 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
16:36:42.0975 1484 RDPWD - ok
16:36:43.0006 1484 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
16:36:43.0022 1484 rdyboost - ok
16:36:43.0053 1484 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
16:36:43.0053 1484 RemoteAccess - ok
16:36:43.0131 1484 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
16:36:43.0147 1484 RemoteRegistry - ok
16:36:43.0162 1484 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
16:36:43.0162 1484 RpcEptMapper - ok
16:36:43.0193 1484 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
16:36:43.0193 1484 RpcLocator - ok
16:36:43.0225 1484 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
16:36:43.0240 1484 RpcSs - ok
16:36:43.0271 1484 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
16:36:43.0287 1484 rspndr - ok
16:36:43.0365 1484 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
16:36:43.0381 1484 RTL8167 - ok
16:36:43.0412 1484 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:36:43.0412 1484 SamSs - ok
16:36:43.0443 1484 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
16:36:43.0443 1484 sbp2port - ok
16:36:43.0474 1484 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
16:36:43.0474 1484 SCardSvr - ok
16:36:43.0521 1484 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
16:36:43.0521 1484 scfilter - ok
16:36:43.0615 1484 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
16:36:43.0630 1484 Schedule - ok
16:36:43.0661 1484 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
16:36:43.0661 1484 SCPolicySvc - ok
16:36:43.0693 1484 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\windows\system32\DRIVERS\sdbus.sys
16:36:43.0693 1484 sdbus - ok
16:36:43.0724 1484 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
16:36:43.0724 1484 SDRSVC - ok
16:36:43.0817 1484 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
16:36:43.0817 1484 secdrv - ok
16:36:43.0849 1484 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
16:36:43.0849 1484 seclogon - ok
16:36:43.0880 1484 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
16:36:43.0895 1484 SENS - ok
16:36:43.0927 1484 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
16:36:43.0927 1484 SensrSvc - ok
16:36:43.0989 1484 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
16:36:43.0989 1484 Serenum - ok
16:36:44.0051 1484 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
16:36:44.0051 1484 Serial - ok
16:36:44.0098 1484 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
16:36:44.0098 1484 sermouse - ok
16:36:44.0145 1484 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
16:36:44.0145 1484 SessionEnv - ok
16:36:44.0192 1484 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
16:36:44.0207 1484 sffdisk - ok
16:36:44.0223 1484 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
16:36:44.0223 1484 sffp_mmc - ok
16:36:44.0270 1484 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
16:36:44.0270 1484 sffp_sd - ok
16:36:44.0301 1484 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
16:36:44.0317 1484 sfloppy - ok
16:36:44.0363 1484 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
16:36:44.0379 1484 Sftfs - ok
16:36:44.0457 1484 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
16:36:44.0473 1484 sftlist - ok
16:36:44.0535 1484 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
16:36:44.0551 1484 Sftplay - ok
16:36:44.0566 1484 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
16:36:44.0566 1484 Sftredir - ok
16:36:44.0582 1484 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
16:36:44.0582 1484 Sftvol - ok
16:36:44.0660 1484 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
16:36:44.0675 1484 sftvsa - ok
16:36:44.0707 1484 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
16:36:44.0722 1484 SharedAccess - ok
16:36:44.0785 1484 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
16:36:44.0800 1484 ShellHWDetection - ok
16:36:44.0878 1484 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
16:36:44.0878 1484 SiSRaid2 - ok
16:36:44.0909 1484 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
16:36:44.0925 1484 SiSRaid4 - ok
16:36:45.0003 1484 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
16:36:45.0003 1484 SkypeUpdate - ok
16:36:45.0065 1484 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
16:36:45.0065 1484 Smb - ok
16:36:45.0128 1484 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
16:36:45.0128 1484 SNMPTRAP - ok
16:36:45.0159 1484 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
16:36:45.0159 1484 spldr - ok
16:36:45.0190 1484 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
16:36:45.0206 1484 Spooler - ok
16:36:45.0409 1484 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
16:36:45.0487 1484 sppsvc - ok
16:36:45.0518 1484 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
16:36:45.0533 1484 sppuinotify - ok
16:36:45.0611 1484 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
16:36:45.0627 1484 srv - ok
16:36:45.0658 1484 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
16:36:45.0674 1484 srv2 - ok
16:36:45.0689 1484 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
16:36:45.0689 1484 srvnet - ok
16:36:45.0736 1484 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
16:36:45.0752 1484 SSDPSRV - ok
16:36:45.0799 1484 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
16:36:45.0799 1484 SstpSvc - ok
16:36:45.0892 1484 Steam Client Service - ok
16:36:45.0939 1484 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
16:36:45.0939 1484 stexstor - ok
16:36:46.0033 1484 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
16:36:46.0048 1484 stisvc - ok
16:36:46.0064 1484 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
16:36:46.0064 1484 swenum - ok
16:36:46.0111 1484 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
16:36:46.0126 1484 swprv - ok
16:36:46.0189 1484 SynTP (f5b46df59feaa48a442aed7eeb754d4b) C:\windows\system32\DRIVERS\SynTP.sys
16:36:46.0204 1484 SynTP - ok
16:36:46.0298 1484 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
16:36:46.0329 1484 SysMain - ok
16:36:46.0360 1484 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
16:36:46.0360 1484 TabletInputService - ok
16:36:46.0376 1484 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
16:36:46.0391 1484 TapiSrv - ok
16:36:46.0407 1484 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
16:36:46.0407 1484 TBS - ok
16:36:46.0501 1484 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
16:36:46.0532 1484 Tcpip - ok
16:36:46.0625 1484 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
16:36:46.0641 1484 TCPIP6 - ok
16:36:46.0672 1484 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
16:36:46.0672 1484 tcpipreg - ok
16:36:46.0735 1484 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
16:36:46.0735 1484 tdcmdpst - ok
16:36:46.0781 1484 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
16:36:46.0781 1484 TDPIPE - ok
16:36:46.0859 1484 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
16:36:46.0859 1484 TDTCP - ok
16:36:46.0891 1484 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
16:36:46.0891 1484 tdx - ok
16:36:47.0062 1484 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:36:47.0093 1484 TeamViewer7 - ok
16:36:47.0156 1484 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
16:36:47.0156 1484 TermDD - ok
16:36:47.0218 1484 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
16:36:47.0218 1484 TermService - ok
16:36:47.0249 1484 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
16:36:47.0249 1484 Themes - ok
16:36:47.0281 1484 Thpdrv (c013f6acaa9761f571bd28dada7c157d) C:\windows\system32\DRIVERS\thpdrv.sys
16:36:47.0281 1484 Thpdrv - ok
16:36:47.0359 1484 Thpevm (b4e609047434ed948af7bdef2fa66e38) C:\windows\system32\DRIVERS\Thpevm.SYS
16:36:47.0359 1484 Thpevm - ok
16:36:47.0405 1484 Thpsrv (9b032a63a0553a2d872815c64a0288be) C:\windows\system32\ThpSrv.exe
16:36:47.0421 1484 Thpsrv - ok
16:36:47.0452 1484 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
16:36:47.0468 1484 THREADORDER - ok
16:36:47.0515 1484 TMachInfo (83e91963c4452be6899503cf9ebfd3ed) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
16:36:47.0515 1484 TMachInfo - ok
16:36:47.0577 1484 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
16:36:47.0593 1484 TODDSrv - ok
16:36:47.0671 1484 TosCoSrv (63b379f8885cb1c557771bb8b16162e3) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
16:36:47.0717 1484 TosCoSrv - ok
16:36:47.0780 1484 TOSHIBA Bluetooth Service (8f099be5db17d025e19652851399b9f1) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
16:36:47.0780 1484 TOSHIBA Bluetooth Service - ok
16:36:47.0827 1484 TOSHIBA eco Utility Service (2ecc833ea37cece0052d4d9adc184177) C:\Program Files\TOSHIBA\TECO\TecoService.exe
16:36:47.0827 1484 TOSHIBA eco Utility Service - ok
16:36:47.0905 1484 TOSHIBA HDD SSD Alert Service (edb4b432db13ea3d1eb2356310d33263) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
16:36:47.0905 1484 TOSHIBA HDD SSD Alert Service - ok
16:36:47.0967 1484 Tosrfcom - ok
16:36:48.0014 1484 tosrfec (f5e3ac4cbcd154ee80849b21887fd0b0) C:\windows\system32\DRIVERS\tosrfec.sys
16:36:48.0014 1484 tosrfec - ok
16:36:48.0045 1484 Tosrfusb (7a0048693f98460ff537be31c741b927) C:\windows\system32\DRIVERS\tosrfusb.sys
16:36:48.0045 1484 Tosrfusb - ok
16:36:48.0107 1484 tos_sps64 (09ff7b0b1b5c3d225495cb6f5a9b39f8) C:\windows\system32\DRIVERS\tos_sps64.sys
16:36:48.0107 1484 tos_sps64 - ok
16:36:48.0201 1484 TPCHSrv (9f8410ccc72b3470c96da415be0cf423) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
16:36:48.0201 1484 TPCHSrv - ok
16:36:48.0279 1484 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
16:36:48.0279 1484 TrkWks - ok
16:36:48.0310 1484 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
16:36:48.0326 1484 TrustedInstaller - ok
16:36:48.0357 1484 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
16:36:48.0357 1484 tssecsrv - ok
16:36:48.0388 1484 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
16:36:48.0404 1484 TsUsbFlt - ok
16:36:48.0419 1484 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
16:36:48.0419 1484 TsUsbGD - ok
16:36:48.0497 1484 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
16:36:48.0497 1484 tunnel - ok
16:36:48.0575 1484 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
16:36:48.0575 1484 TVALZ - ok
16:36:48.0622 1484 TVALZFL (9c7191f4b2e49bff47a6c1144b5923fa) C:\windows\system32\DRIVERS\TVALZFL.sys
16:36:48.0622 1484 TVALZFL - ok
16:36:48.0685 1484 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
16:36:48.0685 1484 uagp35 - ok
16:36:48.0716 1484 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
16:36:48.0731 1484 udfs - ok
16:36:48.0794 1484 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
16:36:48.0794 1484 UI0Detect - ok
16:36:48.0841 1484 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
16:36:48.0841 1484 uliagpkx - ok
16:36:48.0872 1484 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
16:36:48.0872 1484 umbus - ok
16:36:48.0934 1484 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
16:36:48.0934 1484 UmPass - ok
16:36:49.0075 1484 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
16:36:49.0090 1484 UNS - ok
16:36:49.0121 1484 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
16:36:49.0121 1484 upnphost - ok
16:36:49.0199 1484 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
16:36:49.0199 1484 usbccgp - ok
16:36:49.0231 1484 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
16:36:49.0231 1484 usbcir - ok
16:36:49.0262 1484 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
16:36:49.0262 1484 usbehci - ok
16:36:49.0293 1484 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
16:36:49.0309 1484 usbhub - ok
16:36:49.0340 1484 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
16:36:49.0340 1484 usbohci - ok
16:36:49.0402 1484 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
16:36:49.0418 1484 usbprint - ok
16:36:49.0465 1484 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
16:36:49.0465 1484 USBSTOR - ok
16:36:49.0480 1484 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
16:36:49.0496 1484 usbuhci - ok
16:36:49.0511 1484 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
16:36:49.0527 1484 usbvideo - ok
16:36:49.0543 1484 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
16:36:49.0558 1484 UxSms - ok
16:36:49.0636 1484 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
16:36:49.0636 1484 VaultSvc - ok
16:36:49.0683 1484 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
16:36:49.0683 1484 vdrvroot - ok
16:36:49.0714 1484 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
16:36:49.0730 1484 vds - ok
16:36:49.0745 1484 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
16:36:49.0745 1484 vga - ok
16:36:49.0777 1484 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
16:36:49.0777 1484 VgaSave - ok
16:36:49.0823 1484 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
16:36:49.0823 1484 vhdmp - ok
16:36:49.0839 1484 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
16:36:49.0839 1484 viaide - ok
16:36:49.0870 1484 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
16:36:49.0870 1484 volmgr - ok
16:36:49.0917 1484 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
16:36:49.0917 1484 volmgrx - ok
16:36:49.0933 1484 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\windows\system32\drivers\volsnap.sys
16:36:49.0948 1484 volsnap - ok
16:36:50.0011 1484 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
16:36:50.0011 1484 vsmraid - ok
16:36:50.0073 1484 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
16:36:50.0104 1484 VSS - ok
16:36:50.0151 1484 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
16:36:50.0151 1484 vwifibus - ok
16:36:50.0182 1484 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
16:36:50.0182 1484 vwififlt - ok
16:36:50.0276 1484 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
16:36:50.0276 1484 W32Time - ok
16:36:50.0307 1484 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
16:36:50.0307 1484 WacomPen - ok
16:36:50.0369 1484 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:36:50.0369 1484 WANARP - ok
16:36:50.0369 1484 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
16:36:50.0385 1484 Wanarpv6 - ok
16:36:50.0432 1484 wanatw (eceb715bece47e101ddec06b11126066) C:\windows\system32\DRIVERS\wanatw64.sys
16:36:50.0432 1484 wanatw - ok
16:36:50.0541 1484 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
16:36:50.0572 1484 WatAdminSvc - ok
16:36:50.0619 1484 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
16:36:50.0650 1484 wbengine - ok
16:36:50.0666 1484 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
16:36:50.0681 1484 WbioSrvc - ok
16:36:50.0697 1484 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
16:36:50.0697 1484 wcncsvc - ok
16:36:50.0775 1484 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
16:36:50.0775 1484 WcsPlugInService - ok
16:36:50.0822 1484 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
16:36:50.0822 1484 Wd - ok
16:36:50.0853 1484 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
16:36:50.0869 1484 Wdf01000 - ok
16:36:50.0900 1484 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
16:36:50.0900 1484 WdiServiceHost - ok
16:36:50.0900 1484 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
16:36:50.0915 1484 WdiSystemHost - ok
16:36:50.0931 1484 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
16:36:50.0931 1484 WebClient - ok
16:36:50.0931 1484 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
16:36:50.0947 1484 Wecsvc - ok
16:36:50.0962 1484 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
16:36:50.0962 1484 wercplsupport - ok
16:36:50.0978 1484 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
16:36:50.0993 1484 WerSvc - ok
16:36:51.0071 1484 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
16:36:51.0071 1484 WfpLwf - ok
16:36:51.0103 1484 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
16:36:51.0103 1484 WIMMount - ok
16:36:51.0134 1484 WinDefend - ok
16:36:51.0134 1484 WinHttpAutoProxySvc - ok
16:36:51.0212 1484 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
16:36:51.0212 1484 Winmgmt - ok
16:36:51.0321 1484 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
16:36:51.0352 1484 WinRM - ok
16:36:51.0430 1484 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
16:36:51.0446 1484 WinUsb - ok
16:36:51.0539 1484 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
16:36:51.0555 1484 Wlansvc - ok
16:36:51.0617 1484 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
16:36:51.0633 1484 wlcrasvc - ok
16:36:51.0711 1484 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:36:51.0727 1484 wlidsvc - ok
16:36:51.0805 1484 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
16:36:51.0805 1484 WmiAcpi - ok
16:36:51.0867 1484 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
16:36:51.0883 1484 wmiApSrv - ok
16:36:51.0914 1484 WMPNetworkSvc - ok
16:36:51.0976 1484 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
16:36:51.0976 1484 WPCSvc - ok
16:36:52.0007 1484 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
16:36:52.0007 1484 WPDBusEnum - ok
16:36:52.0054 1484 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
16:36:52.0054 1484 ws2ifsl - ok
16:36:52.0085 1484 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
16:36:52.0085 1484 wscsvc - ok
16:36:52.0085 1484 WSearch - ok
16:36:52.0148 1484 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
16:36:52.0195 1484 wuauserv - ok
16:36:52.0226 1484 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
16:36:52.0241 1484 WudfPf - ok
16:36:52.0288 1484 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
16:36:52.0304 1484 WUDFRd - ok
16:36:52.0335 1484 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
16:36:52.0335 1484 wudfsvc - ok
16:36:52.0366 1484 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
16:36:52.0382 1484 WwanSvc - ok
16:36:52.0413 1484 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
16:36:52.0444 1484 \Device\Harddisk0\DR0 - ok
16:36:52.0475 1484 Boot (0x1200) (f61ee8ff5f670de7085e40c3f340d2d2) \Device\Harddisk0\DR0\Partition0
16:36:52.0475 1484 \Device\Harddisk0\DR0\Partition0 - ok
16:36:52.0475 1484 ============================================================
16:36:52.0475 1484 Scan finished
16:36:52.0475 1484 ============================================================
16:36:52.0491 6716 Detected object count: 0
16:36:52.0491 6716 Actual detected object count: 0
16:40:52.0194 7036 Deinitialize success
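
One way to triage a TDSSKiller log like the one above without reading every line, as an added example that is not part of the original thread. It pairs each hashed object with its verdict line (matched by name or, as for the MBR entry, by path) and lists verdicts other than ok, verdicts with no hashed file, and objects that never got a verdict. The `examplesvc` and `nohashsvc` lines are constructed, and the "warning" verdict wording is an assumption.

```python
import re

# Constructed sample in the layout of the log above. The MBR, "Scan finished" and
# count lines are copied from it; "examplesvc"/"nohashsvc" and "warning" are made up.
SAMPLE = r"""
16:36:51.0950 1484 examplesvc (00000000000000000000000000000000) C:\constructed\example.sys
16:36:51.0960 1484 examplesvc - warning
16:36:51.0970 1484 nohashsvc - ok
16:36:52.0413 1484 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
16:36:52.0444 1484 \Device\Harddisk0\DR0 - ok
16:36:52.0475 1484 Scan finished
16:36:52.0491 6716 Detected object count: 0
16:36:52.0491 6716 Actual detected object count: 0
"""

PREFIX = r"^\S+ \d+ "                                          # timestamp, thread id
OBJ = re.compile(PREFIX + r"(.+?) \(([0-9a-f]{32})\) (.+)$")   # name (md5) path
VERDICT = re.compile(PREFIX + r"(.+) - (\w+)$")                # name-or-path - verdict
COUNT = re.compile(PREFIX + r"Detected object count: (\d+)$")

def triage(log_text):
    """Pair hashed objects with verdict lines; return what needs a human look."""
    pending = {}  # name and path both map to (name, md5, path) until a verdict arrives
    out = {"flagged": [], "no_hash": [], "unresolved": [], "reported": None}
    for line in map(str.strip, log_text.splitlines()):
        if m := OBJ.match(line):
            entry = m.groups()
            pending[entry[0]] = pending[entry[2]] = entry
        elif m := COUNT.match(line):
            out["reported"] = int(m.group(1))
        elif m := VERDICT.match(line):
            key, verdict = m.groups()
            entry = pending.pop(key, None)
            if entry is None:              # verdict with no hashed file before it
                out["no_hash"].append(key)
                entry = (key, None, None)
            else:                          # drop the alias (name or path) as well
                pending.pop(entry[0], None)
                pending.pop(entry[2], None)
            if verdict != "ok":
                out["flagged"].append(entry + (verdict,))
    out["unresolved"] = sorted({e[0] for e in pending.values()})
    return out

if __name__ == "__main__":
    for field, value in triage(SAMPLE).items():
        print(field, value)
```
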

#4 foxflyer

Posted 14 April 2012 - 09:24 PM

Now the IP 87.242.743.219 is popping up with the same application updater.exe and many different ports

#5 foxflyer

Posted 14 April 2012 - 09:43 PM

Logs for today if needed

Thanks for the help!

Attached Files



#6 Elise

Posted 15 April 2012 - 04:35 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.

#7 foxflyer

Posted 15 April 2012 - 02:00 PM

After it rebooted and I tried to open anything, it said that the registry or something was scheduled for deletion. I don't know if that's normal or not, but after I rebooted again, it went away, so hopefully it was fine. And the notifications are still popping up.

Attached File  ComboFix.txt   28.77KB   11 downloads

#8 Elise

Posted 15 April 2012 - 02:34 PM

Hello again,

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise


#9 foxflyer

Posted 15 April 2012 - 07:29 PM

C:\Program Files (x86)\FLVPlayer\FLVPlayer.exe    a variant of Win32/InstallCore.A application    cleaned by deleting - quarantined
C:\Users\omx\Documents\games\Call of Duty 2\Call of Duty 2.exe    a variant of Win32/Keygen.CU application    deleted - quarantined
C:\Users\omx\Documents\games\Daemon Tools PRO Advanced  v5.0.0316.0317\DAEMONToolsPro500316-0317.exe    Win32/OpenCandy application    deleted - quarantined

Still showing notifications

Thanks for the help so far!


#10 foxflyer

Posted 15 April 2012 - 07:34 PM

Sorry for the weird post, and don't know how to edit them. I'll just post my file

Attached File  ESETScan.txt   416bytes   15 downloads

#11 Elise

Posted 16 April 2012 - 01:26 AM

Please click Start > Programs > Accessories, right click on Command Prompt and select "run as administrator".

Type the following and press enter.

netsh advfirewall reset

netsh firewall reset


Restart the computer and let me know if you still get the pop ups.
regards, Elise


#12 foxflyer

Posted 16 April 2012 - 03:23 AM

I am still getting the pop ups after those steps

#13 Elise

Posted 16 April 2012 - 03:51 AM

Hello,

Please click HERE to download Kaspersky Virus Removal Tool (click on the Download link for Version 11).
NOTE: This is quite a large file, so be patient.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on Settings button Posted Image
    • In Scan scope leave pre-checked items as they are and also checkmark My Computer
    • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on Report button Posted Image then on Automatic Scan report tab.
  • Right click anywhere within right pane, click Select All then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

regards, Elise


#14 foxflyer

Posted 16 April 2012 - 04:08 PM

I scanned with the Kaspersky tool, and nothing came up, like no threats. The log is 103 MB so..I can't really do much with that

#15 Elise

Posted 17 April 2012 - 04:14 AM

Can you please post me the exact content of the pop-up you see?
regards, Elise


#16 foxflyer

Posted 17 April 2012 - 04:18 AM

Malwarebytes Anti-Malware
Successfully blocked access to a potentially malicious website: 87.242.73.219
Type:outgoing
Port: Varies, changes each time it pops up, Process: updater.exe

#17 Elise

Posted 17 April 2012 - 07:34 AM

Let's run an additional scan here.

OTL
-----
Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards, Elise


#18 foxflyer

Posted 17 April 2012 - 12:16 PM

OTL Files:

Attached File  OTL.Txt   131.63KB   9 downloads
Attached File  Extras.Txt   54.67KB   15 downloads

#19 Elise

Posted 17 April 2012 - 01:36 PM

Hi again,

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Folder::
C:\DiskManager

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
regards, Elise


#20 foxflyer

Posted 18 April 2012 - 02:07 AM

Attached File  ComboFix.txt   33.68KB   15 downloads




